Microsoft Active Directory

]po[ supports integration with Microsoft Active Directory which is part of Microsoft Windows Server. The integration allows for both authentication and import of users.

Import of User Data

The following LDAP fields are used for the ]po[ user base information.

In the second line of every field we use example values of "Peter Pan <ppan@milkyway.com>" and specify where the LDAP vales are stored in the ]po[ database (table.column).

givenName:
"Peter" -> person.first_names

sn (LDAP surname):
"Pan" -> person.last_name

mail:
"ppan@milkyway.com" -> party.email.
Please consider that party.email is a "unique" field, so that you can't have two users with the same email. During the LDAP import, a data of a second user will overwrite the data of a first user with the same email.

displayName:
"Peter Pan" -> users.screen_name

sAMAccountName (LDAP Windows account name):
"ppan" -> users.username
Please consider that users.username is a "unique" field, so that you can't have two users with the same username. During the LDAP import, a data of a second user will overwrite the data of a first user with the same username.

wWWHomePage (LDAP user's home page):
"www.milkyway.com" -> party.url

userAccountControl:
Controls whether a user has been disabled in Active Directory. The AD value "514" indicates a disabled users. ]po[ will set the user status to "banned" for these users.

Employee information:

department (LDAP department name):
"Sales" -> im_employee.department_id
]po[ will create new departments during the import with the specified department name. You can update the department hierarchy in Admin -> Cost Centers.

company (LDAP company name):
Name of the user's company. ]po[ will search in the list of companies for a matching company name or company path (ignoring upper/lower case). Please study the configuration information about how to setup companies in ]po[.